i.MX53 QSB and ARM TrustZone


Question


I'm exploring the i.MX53 QSB and the TrustZone extensions. I run an OS in the secure world thanks to the U-Boot bootloader. Now I'm in the secure world. I have three questions:

  • The first question is when should I share the memory and the interrupts between the secure and normal world?
  • The second one is how can I move to the normal world in order to run a Rich OS on it?
  • The third question concerns the monitor mode code, where should I write it? Is it a kernel module in the secure world?

Solution

.. when should I share the memory and the interrupts between the secure and normal world ?

Memory sharing depends on your system requirements/design. It is possible to use the smc to only use registers to share information. No one can give a generic answer on memory sharing.

It rarely makes sense to share interrupts. You would need a driver in both worlds. The whole point of TrustZone is to partition hardware.

Some hardware is TrustZone aware. I.e., it can change its register set/view based on what world is executing. Generally, this hardware only has an interrupt for one world or a separate interrupt number. If you do not have a device that is TrustZone aware, this is probably a foolish thing to try.

..how can I move to the normal world in order to run a Rich OS on it?

Well, this is fairly simple when you have a monitor mode. So, from the secure boot (maybe a secure OS task/thread),

  1. Load the normal world OS to memory.
  2. Setup monitor mode stack and other contexts; monitor mode will need a memory buffer to store world contexts.
  3. Switch to monitor mode.
  4. Setup memory partitioning (initially allow everything for the normal world).
  5. Change the NS bit to set normal world CP15.
  6. Configure CP15 registers as per boot default. Many OSs will expect that they are booting as per normal. Most TrustZone CPUs do not setup the normal world CP15 registers by default.
  7. Mask interrupts, turn off cache, etc as required to boot normal OS.
  8. With NS bit still set, do a world switch.

The world switch is dependent on your system design. If the secure world OS only used registers R0-R12 the instructions might be like,

    @ NS bit is set.
    msr     spsr_fsxc, lr      @ mon_lr contains normal world mode, etc.
    ldm     sp, {r0-r12, pc}^  @ monitor 'sp' is a context pointer.

The ldm rX, {xxx, pc}^ will do a mode switch. The monitor 'sp' could have 13 zeros (for r0-r12) and then a normal world entry point for the 'PC'. The monitor 'lr' would have the starting mode (interrupt masked, etc) for the normal world.

NOTE: This is a simple example and is not meant for your particular OS. It is only conceptual. Specifics depend on specific normal/secure world OS requirements. Typically, you need to do all the things a boot loader would do for that platform/OS without TrustZone. As well, you need to initialize all registers in all modes. You may not care about registers the secure world doesn't use (NEON/VFP) and leave them as per boot defaults; this is more true for actual 'world switch' code.

...concerning the monitor mode code, where should I write it? Is it a kernel module in the secure world?

Monitor mode will always USE the CP15 registers of the secure world. This implies monitor mode has the MMU view, cache, etc. of the secure OS. When the 'NS' bit is set and monitor mode does a mcr or mrc, it is setting the normal world registers. Well, technically it could be 'separate'; there will probably be a lot of interaction between the secure OS and the monitor. Again, it depends on specifics. There are many types of OSs (or world contexts),

  1. Polling mode
  2. Non-preemptive
  3. Pre-emptive

You have permutations of the above for both the secure and normal world and the world switch handling will depend on the requirement of both. For the most complex case (Pre-emptive secure/normal), you need integration of schedulers which is OS dependent.
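The boot hand-off and world switch the answer describes, as an added example in C that is not part of the original answer, the i.MX53 BSP or any TrustZone firmware: it models the monitor's context buffer (the r0-r12 + pc layout that `ldm sp, {r0-r12, pc}^` relies on, plus the cpsr that `spsr_mon` restores) and an SMC handler that saves the issuing world, flips SCR.NS while still in monitor mode and hands back the other world's context. It runs on any host, so SCR is a plain struct field instead of CP15; the forwarding of r0-r3 across the boundary, the entry addresses and the register values are this example's own assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* SCR.NS: 0 = secure world, 1 = normal world. Modelled as a field here; on the
 * real CPU it lives in CP15 and is only writable from the secure side. */
#define SCR_NS        (1u << 0)
#define CPSR_MODE_SVC 0x13u
#define CPSR_F        (1u << 6)   /* FIQ masked */
#define CPSR_I        (1u << 7)   /* IRQ masked */
#define CPSR_A        (1u << 8)   /* asynchronous abort masked */
/* Cold-boot CPSR for the normal-world kernel: SVC mode, everything masked (0x1D3). */
#define BOOT_CPSR     (CPSR_MODE_SVC | CPSR_F | CPSR_I | CPSR_A)

enum world { SECURE = 0, NORMAL = 1 };

/* One saved world context, laid out like the answer's monitor stack:
 * r0-r12, then the pc that ldm ... ^ resumes at, then the cpsr that is
 * restored from spsr_mon (loaded from lr_mon by the msr in the answer). */
struct world_ctx {
    uint32_t r[13];
    uint32_t pc;
    uint32_t cpsr;
};

struct monitor {
    uint32_t scr;               /* model of the Secure Configuration Register */
    struct world_ctx ctx[2];    /* ctx[SECURE], ctx[NORMAL] */
};

/* Steps 2, 6 and 7 of the answer: the normal world's first context looks like a
 * cold boot: r0-r12 zero, pc = kernel entry, SVC mode, IRQ/FIQ/abort masked.
 * SCR.NS starts clear because the monitor is installed from the secure world. */
void monitor_init(struct monitor *m, uint32_t normal_entry)
{
    memset(m, 0, sizeof *m);
    m->ctx[NORMAL].pc = normal_entry;
    m->ctx[NORMAL].cpsr = BOOT_CPSR;
}

enum world monitor_current_world(const struct monitor *m)
{
    return (m->scr & SCR_NS) ? NORMAL : SECURE;
}

/* The SMC handler. 'caller' is what the monitor's exception entry saw: the
 * issuing world's r0-r12, its return pc (lr_mon) and its cpsr (spsr_mon).
 * The handler saves that into the caller's slot, forwards r0-r3 so the worlds
 * can exchange data through registers alone (this model's convention, not a
 * TrustZone rule), flips SCR.NS while still in monitor mode (step 8) and
 * returns the slot the world-switch asm would ldm from. */
const struct world_ctx *monitor_smc(struct monitor *m, const struct world_ctx *caller)
{
    enum world from = monitor_current_world(m);
    enum world to   = (from == SECURE) ? NORMAL : SECURE;

    m->ctx[from] = *caller;                                /* full save of the issuing world */
    memcpy(m->ctx[to].r, caller->r, 4 * sizeof(uint32_t)); /* only r0-r3 cross the boundary */
    m->scr ^= SCR_NS;                                      /* switch the CP15 view before ldm ... ^ */
    return &m->ctx[to];
}

/* Walk through the boot hand-off and one round-trip SMC on constructed values. */
int main(void)
{
    struct monitor m;
    monitor_init(&m, 0x70008000u);   /* assumed kernel entry point (constructed) */

    /* Secure OS issues the first smc. A Linux-style kernel expects r0 = 0,
     * r1 = machine type, r2 = tags/DTB pointer; the values here are made up. */
    struct world_ctx sec = {{0}, 0x00009000u, CPSR_MODE_SVC};
    sec.r[1] = 0xAAAu;
    sec.r[2] = 0x70000100u;
    const struct world_ctx *nw = monitor_smc(&m, &sec);
    printf("NS=%u entry=%#x cpsr=%#x r2=%#x\n", m.scr & SCR_NS, nw->pc, nw->cpsr, nw->r[2]);

    /* Normal world later calls smc with a function id in r0; r7 is its own state. */
    struct world_ctx nrm = *nw;
    nrm.r[0] = 0x1234u;
    nrm.r[7] = 0x77u;
    nrm.pc   = 0x70010000u;
    const struct world_ctx *sw = monitor_smc(&m, &nrm);
    printf("NS=%u resume secure pc=%#x r0=%#x r7=%#x, normal r7 kept=%#x\n",
           m.scr & SCR_NS, sw->pc, sw->r[0], sw->r[7], m.ctx[NORMAL].r[7]);
    return 0;
}
```

On hardware the body of `monitor_smc` is what sits behind the SMC entry of the monitor vector table, and the `m->scr ^= SCR_NS` line becomes a read-modify-write of SCR through `mrc`/`mcr p15, 0, rX, c1, c1, 0`, followed by the `msr spsr_fsxc` / `ldm ... ^` pair from the answer; banked registers (sp, lr per mode) and VFP/NEON state are left out of the model exactly as the answer's NOTE allows, and a real monitor has to save and restore them too.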
